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Claims 

What is claimed is: 

1. A method for use in a distributed data network wherein a user may request and 
receive content from one or more entities in the distributed data network, the method 

5 comprising the steps of: 

providing one or more mechanisms for enabling at least one of the user and one or more 
of the entities to control which entities in the distributed data network have access to 
information generated in association with the user's activity on the distributed data network; 
and 

1 0 customizing content to be received by the user in accordance with at least a portion of 

the accessible information. 

2. The method of claim 1, wherein the step of providing the one or more control 
mechanisms for the user comprises the step of enabling the user to specify two or more roles 
within which the user may perform activities on the distributed data network. 

15 3. The method of claim 2, further wherein the two or more roles have two or more 

profiles respectively associated therewith. 

4. The method of claim 3, further wherein the two or more profiles are substantially 
unlinkable. 

5. The method of claim 4, wherein the substantial unlinkability of the profiles 
20 substantially prevents an entity from learning about the user's activity at another entity, when 

the user conducts activities at the different entities in the different roles. 

6. The method of claim 2, wherein the roles are specified in accordance with at least 
one dedicated server located in the distributed data network. 
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7. The method of claim 1 , wherein at least one of the one or more entities are merchants 
operating on the distributed data network. 

8. The method of claim 1, wherein the step of providing the one or more control 
mechanisms for the one or more entities comprises the step of enabling the one or more entities 
to specify which other entities are able to access information that the one or more entities 
learned in association with the user conducting activities with the one or more entities. 

9. The method of claim 8, further wherein the one or more entities are enabled to 
specify which other entities are able to access information derived from original information 
that the one or more entities learned in association with the user conducting activities with the 
one or more entities. 

10. The method of claim 9, wherein the one or more entities are enabled to specify a 
degree of information derivation in accordance with which other entities may be able to access 
the information. 

1 1 . The method of claim 10, wherein the one or more entities are enabled to group the 
other entities into one or more classes wherein each class has a degree of information derivation 
associated therewith. 

12. The method of claim 1 , wherein the one or more entities access the information in 
accordance with one or more dedicated databases located in the distributed data network. 

13. A method for use in accordance with at least one server in a distributed data 
network wherein a user may request and receive content from one or more entities in the 
distributed data network, the method comprising the steps of: 

maintaining two or more user-specified policies respectively associated with two or 
more roles within which the user may perform activities on the distributed data network; and 
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issuing access credentials associated with the user-specified policies to one or more 
entities that seek to access information generated in association with the user's activity on the 
distributed data network so as to customize content to be received by the user in accordance 
with at least a portion of the accessible information. 

5 14. The method of claim 13, wherein the access credentials comprise rights by which 

the entity may access the information. 

15. The method of claim 14, wherein the access rights comprise at least one of 
information read rights, information insert rights and information delete rights. 

16. The method of claim 14, wherein the access credentials further comprise an 
identifier of the entity to which the access credentials are being issued. 

17. The method of claim 14, wherein the access credentials further comprise an 
expiration time specifying a duration of the access rights. 

18. The method of claim 14, wherein the access credentials further comprise a digital 
signature on the access credentials. 

15 19. The method of claim 1 8, wherein the access credentials further comprise a public 

key matching a private key by which the access credentials have been digitally signed. 

20. The method of claim 1 3 , wherein the maintaining step further comprises prompting 
the user to specify a new role or an existing role within which the user may perform activities 
on the distributed data network 

20 21 . A method for use in accordance with one or more databases in a distributed data 

network wherein a user may request and receive content from one or more entities in the 
distributed data network, the method comprising the steps of: 
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storing information that the one or more entities learn in association with the user 
conducting activities with the one or more entities; and 

enabling the one or more entities to specify which other entities are able to access the 
stored information so as to customize content to be received by the user in accordance with at 
least a portion of the accessible information. 

22 . The method of claim 2 1 , wherein the information that the one or more entities learn 
in association with the user conducting activities with the one or more entities comprises at 
least one of original information and information derived from the original information. 

23. The method of claim 21, wherein the enabling step further comprises enabling the 
one or more entities to specify one or more taint classes for portions of the stored information. 

24. The method of claim 23, wherein a given taint class corresponds to an affinity an 
entity has to collaborate with entities in the given taint class. 

25. The method of claim 23, wherein at least portions of the information are 
respectively stored as records, wherein each record has stored in association therewith a data 
structure comprising at least one of an accumulated taint strength, a set of taint classes, and 
pointers to one or more original records from which this record was derived. 

26. The method of claim 25, wherein an entity is not permitted to read a record derived 
from an original record if the entity is not a member of a specified taint class and there is a path 
of a given length or less from the derived record to the original record. 

27. The method of claim 2 1 , further comprising the step of applying a scoring function 
to portions of the stored information to which a given entity has access. 
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28. The method of claim 27, wherein results of the scoring function indicate the 
relevance of the portions of the stored information to one or more content customization 
decisions to be made by the given entity. 

29. Apparatus for use in a distributed data network wherein a user may request and 
receive content from one or more entities in the distributed data network, the apparatus 
comprising: 

at least one processor operative to: (i) maintain two or more user-specified policies 
respectively associated with two or more roles within which the user may perform activities on 
the distributed data network; and (ii) issue access credentials associated with the user- specified 
policies to one or more entities that seek to access information generated in association with 
the user's activity on the distributed data network so as to customize content to be received by 
the user in accordance with at least a portion of the accessible information. 

30. The apparatus of claim 29, wherein the access credentials comprise rights by which 
the entity may access the information. 

31. The apparatus of claim 30, wherein the access rights comprise at least one of 
information read rights, information insert rights and information delete rights. 

32. The apparatus of claim 30, wherein the access credentials further comprise an 
identifier of the entity to which the access credentials are being issued. 

33. The apparatus of claim 30, wherein the access credentials further comprise an 
expiration time specifying a duration of the access rights. 

34. The apparatus of claim 30, wherein the access credentials further comprise a digital 
signature on the access credentials. 
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35 . The apparatus of claim 34, wherein the access credentials further comprise a public 

key 

matching a private key by which the access credentials have been digitally signed. 

36. The apparatus of claim 29, wherein the at least one processor is further operative 
5 to prompt the user to specify a new role or an existing role within which the user may perform 

activities on the distributed data network 

37. Apparatus for use in a distributed data network wherein a user may request and 
receive content from one or more entities in the distributed data network, the apparatus 
comprising: 

at least one processor operative to: (i) store information that the one or more entities 
learn in association with the user conducting activities with the one or more entities; and (ii) 
enable the one or more entities to specify which other entities are able to access the stored 
information so as to customize content to be received by the user in accordance with at least 
a portion of the accessible information. 

15 38. The apparatus of claim 37, wherein the information that the one or more entities 

learn in association with the user conducting activities with the one or more entities comprises 
at least one of original information and information derived from the original information. 

39. The apparatus of claim 37, wherein the enabling operation further comprises 
enabling the one or more entities to specify one or more taint classes for portions of the stored 

20 information. 

40. The apparatus of claim 39, wherein a given taint class corresponds to an affinity 
an entity has to collaborate with entities in the given taint class. 

41. The apparatus of claim 39, wherein at least portions of the information are 
respectively stored as records, wherein each record has stored in association therewith a data 
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structure comprising at least one of an accumulated taint strength, a set of taint classes, and 
pointers to one or more original records from which this record was derived. 

42. The apparatus of claim 41, wherein an entity is not permitted to read a record 
derived from an original record if the entity is not a member of a specified taint class and there 
is a path of a given length or less from the derived record to the original record. 

43. The apparatus of claim 37, wherein the at least one processor is further operative 
to apply a scoring function to portions of the stored information to which a given entity has 
access. 

44. The apparatus of claim 43, wherein results of the scoring function indicate the 
relevance of the portions of the stored information to one or more content customization 
decisions to be made by the given entity. 

45 . Apparatus for use in a distributed data network wherein a user system may request 
and receive content from one or more servers associated with entities in the distributed data 
network, the apparatus comprising: 

at least one server in the distributed data network operative to: (i) maintain two or more 
user-specified policies respectively associated with two or more roles within which the user 
system may perform activities on the distributed data network; and (ii) issue access credentials 
associated with the user-specified policies to one or more entity servers that seek to access 
information generated in association with the user system's activity on the distributed data 
network so as to customize content to be received by the user system in accordance with at least 
a portion of the accessible information; and 

one or more databases in the distributed data network operative to: (i) store information 
that the one or more entity servers learn in association with the user conducting activities with 
the one or more entities; and (ii) enable the one or more entities to specify which other entities 
are able to access the stored information so as to customize content to be received by the user 
in accordance with at least a portion of the accessible information. 
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46. The apparatus of claim 45, wherein the at least one server is a virtual server. 

47. The apparatus of claim 45, wherein the user system comprises a browser program 
for requesting and receiving content. 

48. The apparatus of claim 45, wherein the one or more entity servers host merchant 
sites which a user may selectively visit in accordance with the user system. 

49. The apparatus of claim 45, wherein the distributed data network is the Internet. 

50. An article of manufacture for use in accordance with at least one server in a 
distributed data network wherein a user may request and receive content from one or more 
entities in the distributed data network, the article comprising a machine readable medium 
containing one or more programs which when executed implement the steps of: 

maintaining two or more user-specified policies respectively associated with two or 
more roles within which the user may perform activities on the distributed data network; and 

issuing access credentials associated with the user-specified policies to one or more 
entities that seek to access information generated in association with the user's activity on the 
distributed data network so as to customize content to be received by the user in accordance 
with at least a portion of the accessible information. 

5 1 . An article of manufacture for use in accordance with one or more databases in a 
distributed data network wherein a user may request and receive content from one or more 
entities in the distributed data network, the article comprising a machine readable medium 
containing one or more programs which when executed implement the steps of: 

storing information that the one or more entities learn in association with the user 
conducting activities with the one or more entities; and 

enabling the one or more entities to specify which other entities are able to access the 
stored information so as to customize content to be received by the user in accordance with at 
least a portion of the accessible information. 
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